The Software Engineering Institute helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Our core purpose is to help organizations improve software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.
The Secure Coding Team, of the world renowned CERT division of the SEI, is a pioneer of the identification and development of secure coding and secure software development practices. We are looking for an exceptional person to help us continue our leadership of ground-breaking improvements for securing software during development. Software has never been more important to our lives and our national security, nor has software insecurity ever been a greater risk.
If you join the team, you will work with elite cyber security experts to help software developers and software development organizations reduce vulnerabilities resulting from coding errors before they are deployed. We improve software security by identifying common programming errors that lead to software vulnerabilities, establishing secure coding standards, developing evaluation tools, and educating software developers.
You will participate in research and engineering projects that identify and implement standards for organizations to develop secure software systems. This will include developing and applying guidelines for writing secure code in C, C++, Java, and other popular languages. It also includes developing and using tools to verify that software is developed securely. You will work directly with customers to: develop and provide training in secure coding practices; evaluate, extend, and use tools to improve and automate source code analysis; review and improve code bases to ensure that the standards are being followed; and enhance the customers’ organizational capabilities to produce secure software systems. You will be expected to help customers improve their software to meet the security and privacy needs of their users by writing reports and delivering presentations that explain the results of your research and software evaluations.
You have a BS in Computer Science, Software Engineering, Information Science, or Information Systems Management or equivalent combination of training and experience.
You are willing to travel to other SEI locations, sponsor sites, conferences and offsite meetings.
You are able to thrive in an office setting, sitting for long time periods and having close contact with a computer.
You are able to multi-task and be detailed oriented.
You can meet inflexible deadlines and deal with challenges while maintaining professionalism.
You will be subject to a background investigation and must be eligible to obtain and maintain a Department of Defense security clearance.
Knowledge, Skills and Abilities:
You will have the knowledge, skills, and abilities to:
Develop and analyze source code in common programming languages such as C, C#, C++, Java, and Python, with a focus on secure coding principles and practices.
Use static and dynamic analysis tools to evaluate software to find and remove vulnerabilities.
Build and configure various software build environments, and build custom tools to integrate and automate the use of software building and analysis tools.
Analyze data from multiple sources, generate defensible results, and represent them in reporting products and interactions with customers, sponsors, and the public.
Collaborate in a team environment with other team members with varying skills, experience and locations.
Recognize and deal appropriately with confidential and sensitive information such as source code and software weaknesses and vulnerabilities.
Develop and explain technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.
Work meticulously with careful attention to detail required to identify defects and weaknesses in large software systems, and to identify development process improvement opportunities.
Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape.
Contribute to program objectives and plan development.
Perform under some direction to establish and define work; use independent judgement when necessary to meet established work milestones and deadlines.
MS in Computer Science, Software Engineering, Information Science, Information Systems Management.
Developing and analyzing software for specific platforms, such as mobile platforms and embedded systems.
Using threat modeling tools to perform threat analysis on software systems.
Job Function Breakdown:
40% Contribute to internally funded research projects, developing experimentation environments, evaluating secure software development practices, and communicating results internally and externally in reports and presentations.
30% Directly support customer work in secure coding, verification and validation techniques, and technical training. Tailor our current offerings to provide value to customers by evaluating their software, software development, and software acquisition/procurement practices, and providing improvement recommendations. Communicate the findings of such evaluations through reports and presentations. Build new tools and capabilities that improve our ability to meet customer needs.
15% Codify knowledge that has been gained through customer and research projects to expand and update knowledge transfer materials, such as Secure Coding guidelines, training materials, and tools.
15% Develop knowledge and understanding of SEI capabilities; learn how SEI capabilities can be applied to customer problems; work directly with SEI staff supporting the community with disciplines related to secure coding and secure development.
Please visit “Why Carnegie Mellon” to learn more about becoming part of an institution inspiring innovations that change the world.
Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.
About Software Engineering Institute
Pursue your passion and work alongside world-recognized leaders in the field of software engineering. Our staff works with the highest levels of U.S. government and industry to secure the nation's critical infrastructure, improve mission-critical systems, and advance the state of the art.
Interested in working with us? To browse employment opportunities and apply for a position at the SEI, see our list of open positions at http://www.sei.cmu.edu/careers/. You can also visit the Carnegie Mellon site to learn about benefits for eligible employees, search for open positions that match your interests, and create a Job Agent that will notify you by e-mail when jobs that meet your criteria become available.
Resumes from recruiting firms will not be accepted.
Carnegie Mellon University is an EEO/Affirmative Action Employer – M/F/Disability/Veteran